From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 28 Feb 2015 12:43:49 +0000 (+0000)
Subject: local.m4: Reinstate detailed filtering from scary networks.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/4f8c198960217f631e0fcb20e8615fc93c3d1da2

local.m4: Reinstate detailed filtering from scary networks.

This got lost when I split scary out of untrusted.  Oops.
---

diff --git a/local.m4 b/local.m4
index 59ab342..7e7ad15 100644
--- a/local.m4
+++ b/local.m4
@@ -370,6 +370,7 @@ openports inbound
 
 ## Inspect inbound packets from untrusted sources.
 run ip46tables -A inbound -j forbidden
+run ip46tables -A INPUT -m mark --mark $from_scary/$MASK_FROM -g inbound
 run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
 
 ## Allow responses from the scary outside world into the untrusted net, but